Privacy Policy

Last updated: September 18th, 2025

1. Introduction

MALCOMSON BROTHERS LIMITED ("we," "us," or "our") operates BlurrySelfie (the "Service"), an AI-powered photo generation platform accessible at blurryselfie.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring the security of your personal information. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and authentication credentials when you create an account
  • Profile Information: Optional profile details you choose to provide
  • User-Generated Content: Photos you upload and the AI-generated images you create
  • Payment Information: Billing details processed securely through our payment provider Stripe
  • Communications: Information you provide when contacting our support team

2.2 Information We Collect Automatically

  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Usage Data: Pages visited, features used, generation history, and interaction patterns
  • Analytics Data: Performance metrics and usage statistics collected through Plausible Analytics
  • Cookies: Session cookies and authentication tokens to maintain your login state

2.3 Photos and AI-Generated Content

When you upload photos to our Service:

  • We process these photos solely for the purpose of generating your requested AI images
  • Original photos are temporarily stored during processing and deleted after generation
  • Generated images are stored for your access and download
  • We do not use your photos to train AI models without explicit consent
  • We do not share your photos with third parties except as necessary for service provision

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain our Service
  • To process your photo generation requests
  • To manage your account and authenticate your access
  • To process payments and manage billing
  • To communicate with you about your account and Service updates
  • To respond to your support requests and inquiries
  • To improve our Service and develop new features
  • To detect and prevent fraud, abuse, and security issues
  • To comply with legal obligations and enforce our terms
  • To analyse usage patterns and optimise performance

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

  • Contract: Processing necessary to perform our contract with you
  • Consent: Where you have given explicit consent for specific processing
  • Legitimate Interests: For our legitimate business interests, such as improving our Service
  • Legal Obligations: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

  • Payment Processing: Stripe for secure payment handling
  • Cloud Infrastructure: Hetzner for hosting and Cloudflare for content delivery
  • AI Processing: AI model providers for image generation (photos processed securely)
  • Analytics: Plausible for privacy-focused usage analytics
  • Email Services: For transactional emails and communications

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction. We will notify you of any such change.

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Retention

We retain your information for as long as necessary to provide our Service and fulfil the purposes described in this policy:

  • Account Data: Retained while your account is active and for a reasonable period after deletion for legal and backup purposes
  • Uploaded Photos: Deleted immediately after AI generation is complete
  • Generated Images: Retained for your access unless you delete them
  • Transaction Records: Retained as required for accounting and legal compliance (typically 7 years)
  • Usage Logs: Retained for up to 90 days for security and performance analysis

7. Data Security

We implement robust security measures to protect your information:

  • Encryption in transit using TLS/SSL protocols
  • Encryption at rest for sensitive data storage
  • Secure authentication mechanisms including passkeys and two-factor authentication
  • Regular security audits and vulnerability assessments
  • Access controls limiting data access to authorised personnel
  • Secure data centres with physical security measures
  • Regular backups and disaster recovery procedures

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

8.1 GDPR Rights (European Users)

If you are located in the European Economic Area, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Request limited processing of your data
  • Objection: Object to certain types of processing
  • Automated Decision-Making: Not be subject to purely automated decisions

8.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

8.3 Exercising Your Rights

To exercise any of these rights, please contact us at hi@blurryselfie.com. We will respond to your request within the timeframe required by applicable law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Other legally recognised transfer mechanisms

10. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Marketing Communications

We may send you promotional emails about new features, special offers, or other information we think you may find interesting. You can opt-out of these communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us directly at hi@blurryselfie.com

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top
  • Sending you an email notification for significant changes

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Data Protection Officer

For any questions or concerns about our privacy practices or to exercise your rights, you may contact our Data Protection Officer at:

MALCOMSON BROTHERS LIMITED
Attn: Data Protection Officer
63 Wickenden Road, Sevenoaks, England, TN13 3PN
Email: hi@blurryselfie.com

15. Supervisory Authority

If you are located in the European Economic Area and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

16. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.

17. Cookies Policy

We use essential cookies to maintain your session and authentication state. These cookies are:

  • Strictly necessary for the Service to function
  • Not used for tracking or advertising purposes
  • Automatically deleted when you log out or your session expires

We also use privacy-focused analytics through Plausible, which does not use cookies and is GDPR-compliant.

This Privacy Policy is effective as of September 18th, 2025 and supersedes all previous versions.